ai-rag-pipeline

Fail

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: HIGH
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the official CLI tool from https://cli.inference.sh and pipes it to the shell for installation. This is the standard installation method for the vendor's tooling.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash(infsh *) tool to execute various vendor-specific applications for search, extraction, and LLM generation.
  • [PROMPT_INJECTION]: The audit identifies an indirect prompt injection surface: untrusted data from web searches and content extraction is interpolated directly into LLM prompts.
  • Ingestion points: Variables such as $SEARCH_RESULT, $CONTENT, and $EVIDENCE are populated with data retrieved from external web sources via tavily/* and exa/* apps.
  • Boundary markers: The provided templates lack strong boundary markers (e.g., XML tags or delimiters) or system instructions to ignore embedded commands within the retrieved context.
  • Capability inventory: The skill has access to the Bash tool restricted to the infsh command, which allows it to run various RAG-related applications and process data.
  • Sanitization: There is no evidence of sanitization, escaping, or validation of the retrieved web content before it is injected into the LLM prompts.
Recommendations
  • HIGH: Downloads and executes remote code from: https://cli.inference.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 25, 2026, 05:35 PM